001/*
002 * Copyright 2017-2019 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2017-2019 Ping Identity Corporation
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.util.ssl.cert;
022
023
024
025import com.unboundid.asn1.ASN1OctetString;
026import com.unboundid.util.Debug;
027import com.unboundid.util.NotMutable;
028import com.unboundid.util.OID;
029import com.unboundid.util.StaticUtils;
030import com.unboundid.util.ThreadSafety;
031import com.unboundid.util.ThreadSafetyLevel;
032
033import static com.unboundid.util.ssl.cert.CertMessages.*;
034
035
036
037/**
038 * This class provides an implementation of the subject key identifier X.509
039 * certificate extension as described in
040 * <A HREF="https://www.ietf.org/rfc/rfc5280.txt">RFC 5280</A> section 4.2.1.2.
041 * The OID for this extension is 2.5.29.14.  The value is an octet string and is
042 * intended to identify the public key used by a certificate.  The actual format
043 * of the key identifier is not specified, although RFC 5280 does specify a
044 * couple of possibilities.
045 */
046@NotMutable()
047@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
048public final class SubjectKeyIdentifierExtension
049       extends X509CertificateExtension
050{
051  /**
052   * The OID (2.5.29.14) for subject key identifier extensions.
053   */
054  public static final OID SUBJECT_KEY_IDENTIFIER_OID = new OID("2.5.29.14");
055
056
057
058  /**
059   * The name of the message digest algorithm that will be used to generate a
060   * certificate's subject key identifier from its public key.  Note that we're
061   * using SHA-1 rather than something better (like SHA-256) because it appears
062   * that the Microsoft CA cannot handle a 256-bit identifier but will accept a
063   * 160-bit identifier.
064   */
065  static final String SUBJECT_KEY_IDENTIFIER_DIGEST_ALGORITHM = "SHA-1";
066
067
068
069  /**
070   * The serial version UID for this serializable class.
071   */
072  private static final long serialVersionUID = -7175921866230880172L;
073
074
075
076  // The key identifier for this extension.
077  private final ASN1OctetString keyIdentifier;
078
079
080
081  /**
082   * Creates a new subject key identifier extension with the provided
083   * information.
084   *
085   * @param  isCritical     Indicates whether this extension should be
086   *                        considered critical.
087   * @param  keyIdentifier  The key identifier for this extension.  It must not
088   *                        be {@code null}.
089   */
090  SubjectKeyIdentifierExtension(final boolean isCritical,
091                                final ASN1OctetString keyIdentifier)
092  {
093    super(SUBJECT_KEY_IDENTIFIER_OID, isCritical,
094         keyIdentifier.encode());
095
096    this.keyIdentifier = keyIdentifier;
097  }
098
099
100
101  /**
102   * Creates a new subject key identifier extension from the provided generic
103   * extension.
104   *
105   * @param  extension  The extension to decode as a subject key identifier
106   *                    extension.
107   *
108   * @throws  CertException  If the provided extension cannot be decoded as a
109   *                         subject alternative name extension.
110   */
111  SubjectKeyIdentifierExtension(final X509CertificateExtension extension)
112       throws CertException
113  {
114    super(extension);
115
116    try
117    {
118      keyIdentifier = ASN1OctetString.decodeAsOctetString(extension.getValue());
119    }
120    catch (final Exception e)
121    {
122      Debug.debugException(e);
123      throw new CertException(
124           ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE.get(
125                String.valueOf(extension), StaticUtils.getExceptionMessage(e)),
126           e);
127    }
128  }
129
130
131
132  /**
133   * Retrieves the key identifier for this extension.
134   *
135   * @return  The key identifier for this extension.
136   */
137  public ASN1OctetString getKeyIdentifier()
138  {
139    return keyIdentifier;
140  }
141
142
143
144  /**
145   * {@inheritDoc}
146   */
147  @Override()
148  public String getExtensionName()
149  {
150    return INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME.get();
151  }
152
153
154
155  /**
156   * {@inheritDoc}
157   */
158  @Override()
159  public void toString(final StringBuilder buffer)
160  {
161    buffer.append("SubjectKeyIdentifierExtension(oid='");
162    buffer.append(getOID());
163    buffer.append(", isCritical=");
164    buffer.append(isCritical());
165    buffer.append(", identifierBytes='");
166    StaticUtils.toHex(keyIdentifier.getValue(), ":", buffer);
167    buffer.append("')");
168  }
169}